Web Management Guide-R04
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Using the Web Interface
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Configuring CPU Guard
- Displaying Memory Utilization
- Resetting the System
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Layer 2 Queue Settings
- Layer 3/4 Priority Settings
- Setting Priority Processing to IP Precedence/DSCP or CoS
- Mapping Ingress DSCP Values to Internal DSCP Values
- Mapping CoS Priorities to Internal DSCP Values
- Mapping Internal DSCP Values to Egress CoS Values
- Mapping IP Precedence Values to Internal DSCP Values
- Mapping IP Port Priority to Internal DSCP Values
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA Authentication, Authorization and Accounting
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- DHCPv4 Snooping
- DHCPv6 Snooping
- IPv4 Source Guard
- IPv6 Source Guard
- ARP Inspection
- Application Filter
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting Community Access Strings
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Switch Clustering
- Setting a Time Range
- Ethernet Ring Protection Switching
- OAM Configuration
- Connectivity Fault Management
- Configuring Global Settings for CFM
- Configuring Interfaces for CFM
- Configuring CFM Maintenance Domains
- Configuring CFM Maintenance Associations
- Configuring Maintenance End Points
- Configuring Remote Maintenance End Points
- Transmitting Link Trace Messages
- Transmitting Loop Back Messages
- Transmitting Delay-Measure Requests
- Displaying Local MEPs
- Displaying Details for Local MEPs
- Displaying Local MIPs
- Displaying Remote MEPs
- Displaying Details for Remote MEPs
- Displaying the Link Trace Cache
- Displaying Fault Notification Settings
- Displaying Continuity Check Errors
- OAM Configuration
- UDLD Configuration
- LBD Configuration
- Smart Pair Configuration
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query for IPv4)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering IGMP Query Packets and Multicast Data
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Multicast VLAN Registration for IPv4
- Multicast VLAN Registration for IPv6
- Basic IP Functions
- IP Configuration
- General IP Routing
- IP Services
- Appendices
- Glossary
Chapter 12
| Security Measures
Configuring 802.1X Port Authentication
– 362 –
Parameters
These parameters are displayed:
◆ Port – Port number.
◆ Status – Indicates if authentication is enabled or disabled on the port. The
status is disabled if the control mode is set to Force-Authorized.
◆ Authorized – Displays the 802.1X authorization status of connected clients.
■
Ye s – Connected client is authorized.
■
N/A – Connected client is not authorized, or port is not connected.
◆ Control Mode – Sets the authentication mode to one of the following options:
■
Auto – Requires a dot1x-aware client to be authorized by the
authentication server. Clients that are not dot1x-aware will be denied
access.
■
Force-Authorized – Forces the port to grant access to all clients, either
dot1x-aware or otherwise. (This is the default setting.)
■
Force-Unauthorized – Forces the port to deny access to all clients, either
dot1x-aware or otherwise.
◆ Operation Mode – Allows single or multiple hosts (clients) to connect to an
802.1X-authorized port. (Default: Single-Host)
■
Single-Host – Allows only a single host to connect to this port.
■
Multi-Host – Allows multiple host to connect to this port.
In this mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access. Similarly, a
port can become unauthorized for all hosts if one attached host fails re-
authentication or sends an EAPOL logoff message.
■
MAC-Based – Allows multiple hosts to connect to this port, with each host
needing to be authenticated.
In this mode, each host connected to a port needs to pass authentication.
The number of hosts allowed access to a port operating in this mode is
limited only by the available space in the secure address table (i.e., up to
1024 addresses).
◆ Max Count – The maximum number of hosts that can connect to a port when
the Multi-Host operation mode is selected. (Range: 1-1024; Default: 5)
◆ Max Request – Sets the maximum number of times the switch port will
retransmit an EAP request packet to the client before it times out the
authentication session. (Range: 1-10; Default 2)